From 5af9fa5e68f7849dca475590dcbd82a1d169c131 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 12 Feb 2022 10:23:08 +0100 Subject: Process NFUs --- data/CVE/list.2021 | 48 ++++++++++++++++++++++++------------------------ data/CVE/list.2022 | 52 ++++++++++++++++++++++++++-------------------------- 2 files changed, 50 insertions(+), 50 deletions(-) (limited to 'data') diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index a5ae115e54..19c38d422c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -716,17 +716,17 @@ CVE-2021-46368 CVE-2021-46367 RESERVED CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...) - TODO: check + NOT-FOR-US: Magnolia CMS CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) - TODO: check + NOT-FOR-US: Magnolia CMS CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...) - TODO: check + NOT-FOR-US: Magnolia CMS CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) - TODO: check + NOT-FOR-US: Magnolia CMS CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...) - TODO: check + NOT-FOR-US: Magnolia CMS CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...) - TODO: check + NOT-FOR-US: Magnolia CMS CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...) NOT-FOR-US: Composr-CMS CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...) 
@@ -3340,7 +3340,7 @@ CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at NOTE: https://github.com/appneta/tcpreplay/issues/687 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...) - TODO: check + NOT-FOR-US: ffjpeg CVE-2021-45384 RESERVED CVE-2021-45383 @@ -4466,9 +4466,9 @@ CVE-2021-44959 CVE-2021-44958 RESERVED CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...) - TODO: check + NOT-FOR-US: ffjpeg CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...) - TODO: check + NOT-FOR-US: ffjpeg CVE-2021-44955 RESERVED CVE-2021-44954 @@ -4585,9 +4585,9 @@ CVE-2021-44914 CVE-2021-44913 RESERVED CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...) - TODO: check + NOT-FOR-US: XE CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...) - TODO: check + NOT-FOR-US: XE CVE-2021-44910 RESERVED CVE-2021-44909 @@ -5062,7 +5062,7 @@ CVE-2021-44545 CVE-2021-44457 RESERVED CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-43351 RESERVED CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...) @@ -5076,7 +5076,7 @@ CVE-2021-23188 CVE-2021-23168 RESERVED CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-23145 RESERVED CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] 
@@ -5762,7 +5762,7 @@ CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...) - cassandra (bug #585905) CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...) - TODO: check + NOT-FOR-US: TCMAN GIM CVE-2021-4045 RESERVED CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...) @@ -6811,7 +6811,7 @@ CVE-2021-44113 CVE-2021-44112 RESERVED CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...) - TODO: check + NOT-FOR-US: S-Cart CVE-2021-44110 RESERVED CVE-2021-44109 @@ -7117,11 +7117,11 @@ CVE-2021-3978 CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: invoiceninja CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) - TODO: check + NOT-FOR-US: JT2Go / Siemens CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: Siemens CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) - TODO: check + NOT-FOR-US: JT2Go / Siemens CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: Siemens CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) @@ -7153,7 +7153,7 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions < CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) NOT-FOR-US: Siemens CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) - TODO: check + NOT-FOR-US: JT2Go / Siemens CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...) - guacamole-client [stretch] - guacamole-client (SAML is not supported) 
@@ -8020,7 +8020,7 @@ CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Ha CVE-2021-43636 RESERVED CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...) - TODO: check + NOT-FOR-US: Codex CVE-2021-43634 RESERVED CVE-2021-43633 @@ -9830,7 +9830,7 @@ CVE-2021-42942 CVE-2021-42941 RESERVED CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...) - TODO: check + NOT-FOR-US: Projeqtor CVE-2021-42939 RESERVED CVE-2021-42938 @@ -13377,15 +13377,15 @@ CVE-2021-41447 CVE-2021-41446 RESERVED CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-41444 RESERVED CVE-2021-41443 RESERVED CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-41440 RESERVED CVE-2021-41439 @@ -14862,7 +14862,7 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite CVE-2021-40838 RESERVED CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) NOT-FOR-US: F-Secure CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index d9385f93c1..c294f9e340 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -20,7 +20,7 @@ CVE-2022-24970 CVE-2022-24969 RESERVED CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...) - TODO: check + NOT-FOR-US: Mellium CVE-2022-24967 RESERVED CVE-2022-24966 
@@ -3572,7 +3572,7 @@ CVE-2022-23630 (Gradle is a build tool with a focus on build automation and supp CVE-2022-23629 RESERVED CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...) - TODO: check + NOT-FOR-US: OPA CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...) NOT-FOR-US: ArchiSteamFarm CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...) @@ -3584,21 +3584,21 @@ CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScrip CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...) NOT-FOR-US: Frourio CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...) - php-twig 3.3.8-1 NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v 
@@ -4362,7 +4362,7 @@ CVE-2022-23323 CVE-2022-23322 RESERVED CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...) - TODO: check + NOT-FOR-US: XMPie CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...) NOT-FOR-US: XMPie uStore CVE-2022-23319 @@ -5965,7 +5965,7 @@ CVE-2022-22767 CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...) NOT-FOR-US: BD Pyxis CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...) - TODO: check + NOT-FOR-US: BD Viper LT system CVE-2022-22764 RESERVED {DSA-5069-1 DLA-2916-1} @@ -8432,7 +8432,7 @@ CVE-2022-21239 CVE-2022-21229 RESERVED CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21206 RESERVED CVE-2022-21188 @@ -8450,7 +8450,7 @@ CVE-2022-21162 CVE-2022-21161 RESERVED CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21152 RESERVED CVE-2022-21150 @@ -8470,7 +8470,7 @@ CVE-2022-21240 CVE-2022-21237 RESERVED CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21212 RESERVED CVE-2022-21197 @@ -8484,7 +8484,7 @@ CVE-2022-21140 CVE-2022-21139 RESERVED CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21792 RESERVED CVE-2022-21791 
@@ -9739,15 +9739,15 @@ CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of O CVE-2022-21216 RESERVED CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21200 RESERVED CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21151 RESERVED CVE-2022-21138 @@ -9757,13 +9757,13 @@ CVE-2022-21136 CVE-2022-21131 RESERVED CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21207 RESERVED CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21181 RESERVED CVE-2022-21180 @@ -10543,7 +10543,7 @@ CVE-2022-20740 CVE-2022-20739 RESERVED CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20737 RESERVED CVE-2022-20736 @@ -10664,7 +10664,7 @@ CVE-2022-20682 CVE-2022-20681 RESERVED CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20679 RESERVED CVE-2022-20678 @@ -10764,7 +10764,7 @@ CVE-2022-20632 CVE-2022-20631 RESERVED CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20629 RESERVED CVE-2022-20628 -- cgit v1.2.3
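
Review bot: The two-letter tag `NOT-FOR-US: XE` on CVE-2021-44912 and CVE-2021-44911 (data/CVE/list.2021, hunk at -4585) is hard to search for and easy to confuse with other products. The descriptions only say "XE 1.116" and "XE before 1.11.6", so the tag is the one place a later triager can learn which product was ruled out. Suggest using the product's full name in the tag.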
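
Review bot: CVE-2021-44454 (data/CVE/list.2021, hunk at -5062) and CVE-2022-21174 (data/CVE/list.2022, hunk at -9739) are described as flaws in "a third-party component", and CVE-2022-21203 (hunk at -9757) as a flaw in "the SafeNet Sentinel driver", yet all three are tagged only `NOT-FOR-US: Intel`. With that tag the entry does not record that the component itself, rather than just the Intel product bundling it, was checked against the archive. Suggest naming the component in the tag where it is known (for example the SafeNet Sentinel driver for CVE-2022-21203) so the decision can be audited later.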
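
Review bot: The tag `NOT-FOR-US: JT2Go / Siemens` on CVE-2021-44018, CVE-2021-44016 and CVE-2021-44000 (data/CVE/list.2021, hunks at -7117 and -7153) is inconsistent with the surrounding JT2Go entries. CVE-2021-44017, CVE-2021-44015 and CVE-2021-44001 in the unchanged context all carry `NOT-FOR-US: Siemens`. The three changed entries also list a second product ("JT2Go (All versions), Solid Edg ..."), so the vendor-only tag is the more accurate one as well. Suggest `NOT-FOR-US: Siemens` for all three.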
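
Review bot: The tag `NOT-FOR-US: XMPie` on CVE-2022-23321 (data/CVE/list.2022, hunk at -4362) does not match the adjacent CVE-2022-23320, which is tagged `NOT-FOR-US: XMPie uStore` in the unchanged context. The truncated description of CVE-2022-23321 does not show which product is affected. If it is the same product, suggest reusing `NOT-FOR-US: XMPie uStore` so both entries turn up under one search term.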